Apple Issues Updated Security Fix

The computer maker releases an updated version of its recent security patch after some users report problems with the first version.

0shares

Apple released another version of the security patch it distributed on March 13 to users of its OS X operating system software, in order to address a problem reported with the update.

The company said it distributed the new patch, dubbed Update 2006-002 v1.1, in order to fix an issue with Apple's Safari Web browser that some users observed after installing its 2006-002 security update.

According to a post on the company's Web site, the previous update had caused some Safari users to have problems launching the browser. Based on the post, the flaw specifically affected users who removed Safari from their computers' applications folders before installing the 2006-002 patch.

A separate buffer overflow was also addressed in the way the WebKit application framework handles certain HTML, which could allow a maliciously crafted Web page to cause a crash or to execute arbitrary code as the user viewing the site.

Apple also patched a third code execution hole in Safari that could let an attacker use JavaScript to trigger a stack buffer overflow.

Apple said Safari's security model prevents remote resources from causing redirection to local resources. "An issue involving HTTP redirection can cause the browser to access a local file, bypassing certain restrictions," the company said in the alert.

Check out eWEEK.com's Macintosh Center for the latest news, reviews and analysis on Apple in the enterprise.

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service